The Agresso Web Client can be run under either HTTP or HTTPS. HTTPS mode provides greater security because the data transmitted between the Agresso Web Client and the Agresso Web Server is encrypted.

Report Engine (Excelerator) and Web Services (iPad connections etc.) also use the same method to connect to the server.

HTTPS is the recommended method, and is strongly recommended for any environment where data will be transmitted over the internet.

HTTPS uses an SSL certificate, which can either be self-generated or purchased from a third-party certificate authority such as Thawte, RapidSSL, Comodo, VeriSign (now Symantec) etc. Self-generated certificates are free, but we would recommend purchasing one from a certificate authority.

Once you have the certificate, it needs loading onto the server via the certificate root console. How to obtain and load the certificate is documented by the certificate authority when you purchase the certificate, so we won’t cover that here. Once it’s loaded onto the server, it needs adding into IIS.

Start IIS, go to the Default Web Site and then click on the Bindings menu in the right-hand pane.

[Image: agresso-ssl1]

From the Bindings menu add the HTTPS protocol and select the SSL certificate that you have just loaded onto the server.

[Image: agresso-bindings]

On the Agresso web server, launch the Agresso management console and navigate to the following menu:

[Image: agresso-menu]

Expand the menu node and go to the Protocol option. If HTTPS is not already there, add it in. Remove the HTTP entry so it looks something like this. Do this step for the Web Services and the Report Engine (and, if applicable, Web Classic – Milestone 4 only).

[Image: agresso-protocol]

Then go to the Publish option, where you will see that it is currently published using HTTP.

[Image: agresso-uri]

Withdraw this and then publish it using the HTTPS option. Do this for the Report Engine and, if applicable, Web Classic.

[Image: agresso-publish]

Please note that when you first withdraw the web service, the published address will likely be just the hostname of the server. In this instance the server is called agressoweb and the company's domain name is erphosting.co.uk, so the server's Fully Qualified Domain Name (FQDN) is agressoweb.erphosting.co.uk. SSL certificates would normally have been purchased specifically for this server, agressoweb.erphosting.co.uk, or they would be wildcard certificates, which you can install on any server that has an FQDN ending in erphosting.co.uk.

Because the certificates are only valid for the exact hostname, after withdrawing http://agressoweb you would publish the HTTPS service to https://agressoweb.erphosting.co.uk. If the FQDN is omitted, the hostname won’t match the name on the SSL certificate, and this will give a warning message and a red cross in the menu bar in your browser.

So the URL to the web client that would previously have been http://agressoweb/agresso would now be https://agressoweb.erphosting.co.uk/agresso
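
The hostname rule above can be checked before publishing. The following is an added Python example, not part of the original post or of Agresso or IIS: it tests whether a published URL is covered by the names on a certificate, using the usual browser rule that a wildcard stands for exactly one left-most label. The certificate name lists, the `reports.` host and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed certificate name lists for the two cases the text describes.
SINGLE_NAME_CERT = ["agressoweb.erphosting.co.uk"]
WILDCARD_CERT = ["*.erphosting.co.uk"]


def name_matches(cert_name, host):
    """True if a certificate name covers the host.

    Exact names match label for label, case-insensitively. A wildcard is
    honoured only as the whole left-most label and covers exactly one
    label, so it matches neither the bare domain nor deeper subdomains.
    """
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and labels[0] != "" and pattern[1:] == labels[1:]
    return pattern == labels


def check_published_url(url, cert_names):
    """Classify a published URL as 'ok', 'not-https' or 'name-mismatch'."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return "not-https"
    host = parts.hostname or ""
    if any(name_matches(name, host) for name in cert_names):
        return "ok"
    return "name-mismatch"


def audit(urls, cert_names):
    """Map each URL to its classification for one certificate."""
    return {url: check_published_url(url, cert_names) for url in urls}


if __name__ == "__main__":
    urls = [
        "http://agressoweb/agresso",                    # old HTTP address
        "https://agressoweb/agresso",                   # FQDN omitted
        "https://agressoweb.erphosting.co.uk/agresso",  # published with FQDN
    ]
    for label, cert in (("single", SINGLE_NAME_CERT), ("wildcard", WILDCARD_CERT)):
        for url, result in audit(urls, cert).items():
            print(f"{label:8} {result:14} {url}")
```
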